<?php 
session_start(); 
if (!isset($_SESSION['Username'])) {
                header("location:login.php");
        }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Administrator Change Passwords</title>
<link href="css/default.css" rel="stylesheet" type="text/css" />
<script language="JavaScript" src="scripts/rand_password.js"></script>
<?php include('includes/path.php'); ?>

</head>

<body class="oneColFixCtrHdr">

<div id="container">
<?php include( 'includes/header.php' ); ?>
<?php include( 'includes/menu.php' ); ?>
<?php include ('includes/status.php'); ?>

  <div id="mainContent">
     <?php
	// This file inserts the following
	// variables: USER, PASS, DB
	include('db.php');

    ?>
      <!-- <p><a href="admin.php">Back to Admin Page</a></p> -->
      <form action="" method="POST" enctype="multipart/form-data" name="changePasswords" target="_parent">
          <?php
          
          

            $TABLE = "Password_Requests";
            $TABLE2 = "Users";

            $CON = mysql_connect( $HOST, $USER, $PASS );

            if (!$CON){
                die('Could not connect: ' . mysql_error());
            }

            mysql_select_db( $DB );
            
            
            
            $rowNum = (isset($_POST['numberOfRows']) ? htmlspecialchars($_POST['numberOfRows']) : '');
            
            while($rowNum>0){
                
		$rowNum --;        
		$tmp = (isset($_POST[$rowNum]) ? htmlspecialchars($_POST[$rowNum]) : '');
		if(Empty($tmp)){
                }
		else {
                    $SQL = "DELETE from Password_Requests where(email) ='$tmp'";
                    mysql_query($SQL);
                    
                }
                        
                        $currentPass = "passName".$rowNum;
                        //echo $currentPass;              
                        $currentConfirmation = "confirmName".$rowNum;
                        //echo #currentConfirmation;
                        $password = (isset($_POST[$currentPass]) ? htmlspecialchars($_POST[$currentPass]) : '');
                        //echo $password;
                        $confirmation = (isset($_POST[$currentConfirmation]) ? htmlspecialchars($_POST[$currentConfirmation]) : '');
                        //echo $confirmation;
                        
                        //Passwords are only changed if both password and confirmation are the same.
                        if(($password==$confirmation)and($password!='')){
                            $currentEmail = "email".$rowNum;
                            //echo $currentEmail;
                            $email = (isset($_POST[$currentEmail]) ? htmlspecialchars($_POST[$currentEmail]) : 'no email found!!');
                            //echo $email;
                            $QRY = "SELECT * FROM Password_Requests WHERE email = '$email'";
                            //echo $QRY;

                            $RESULT = mysql_query($QRY);
                            if(!$RESULT){
                                //echo $QRY;
                                echo "Cound not run query! ".mysql_error();
                                //exit;
                            }
                            else{
                                
                                //Get the required information and then update the user table.
                                
                                $ROW = mysql_fetch_row($RESULT);
                                $new_email = $ROW[0];
                                //echo "email is... ";
                                //echo $new_email;
                                $password = md5($password);
                                $QRY2 = "UPDATE Users SET password = '$password' WHERE login = '$new_email'";
                                //echo $QRY2;
                                if(!(mysql_query($QRY2))){
                                    echo "ERROR:".mysql_error();
                                }
                                else{
                                    echo "Password(s) changed!";
                                }
                                
                                //Since the password was changed in the user table... delete the record from the password_requests table.
                                $SQL2 = "DELETE from Password_Requests where(email) ='$email'";
                                mysql_query($SQL2);
                                
                            }
                        }                        

            }

          ?>
      </form>
        
        
        
        
<?php        
        echo '<div  align ="center">
	<form action="" method="POST" enctype="multipart/form-data" name="changePasswords" target="_parent">
	<table style="width: 50%; border: 5p09x #aba groove;" align="center">';
        
        //mysql_close($CON);
        
        $TABLE2 = "Password_Requests";
        $ROW_NUMBER = 0;
        

        if (!$CON)
          {
                  die('Could not connect: ' . mysql_error());
          }
        
        mysql_select_db( $DB );
        $QRY = 'SELECT * FROM ' . $TABLE2;
        

        echo '<table style="width: 100%; border: 5px #aba groove;">';   
        echo '<tr><td  style="height:25px;"></td></tr>';
        echo '<tr style="background-color: #77C48E;"><th colspan=4>Password Changes</th></tr>';
        echo '<tr style="background-color: #D6B376;"><th style="text-align: center; width:50px;">Del</th><th style="text-align: center; width: 500px;">Email</th>
            <th style="text-align: center;">Password</th><th style="text-align: center;">Confirm Password</th></tr>';
        
        $RESULT = mysql_query($QRY);
        
	while($ROW = mysql_fetch_array($RESULT))
        {
            
                $rowNumString = (string)($ROW_NUMBER);
                $passVar = "passName".$rowNumString;
                $passValueVar = "passValue".$rowNumString;
                $confirmVar ="confirmName".$rowNumString;
                $confirmValueVar = "confirmValue".$rowNumString;
                $rowEmail = "email".$rowNumString;            
            
            
                echo '<tr style="background-color: #';
                if ( $ROW_NUMBER % 2 ){ echo 'FFF;"'; }
                else { echo 'DEDEDE;"'; }
                echo '><td><input type="checkbox" name="'.$ROW_NUMBER.'" value="'.$ROW['email'].'"/></td><td>' . $ROW['email'] . '</td>
                    <input type="hidden" name="'.$rowEmail.'" value="'.$ROW['email'].'">
                    <td style="text-align: right;"><input type="text" name="'.$passVar.'" value="" /></td>
                    <td style="text-align: right;"><input type="text" name="'.$confirmVar.'" value=""  /></td></tr>';
        $ROW_NUMBER++;
        }
        
        
        echo '<tr><td  style="height:25px;"></td></tr>';
        echo '<tr><td style="text-align: right;"></td><td style="text-align: right;">
            <input type="button" onClick="passLabel.value = randPass()" value="Generate Random Password">
            <input type="text" id="passLabel" name="passLabel" /></td><td style="text-align: right;">
            <input type="submit" value="Update Passwords"></td></tr>';
        echo '<input type="hidden" name="numberOfRows" value="'.$ROW_NUMBER.'">';
        echo '</table>';
        
        echo '</table></form></div>';
        
        
        
        
        mysql_close($CON);
    
?>
  <!-- end #mainContent --></div>
<?php include('includes/footer.php'); ?>
<!-- end #container --></div>
</body>
</html>
